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DETAILED ACTION 

Response to Amendment 

1 . This office action is in response to the Applicants' After Non-Final Amendment filed on 
August 8, 2007. Applicant amended claims 1-2, 18, and 29. Claims 1-29 are presented 
for further consideration and examination. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1. 5-7. 10-14, 17-19. 21-25. and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bussiere (US006041042A), in view of Amara et al. 
(US006839338B1), and further in view of Zhang et al. (US006985935B1). 

4. With regard to claims 1 and 18 % Bussiere discloses, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is ore-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet and 
the destination IP address is associated with a remote exit device in the second 



network layer 2 domain; (Bussiere, coU , line 5 - col. 10, line 65) 
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Bussiere discloses, "FIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
device is referred to as an ingress device 15 for so long as the device is being 
monitored, and can be any one of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent In FIG. 2, port 13 has been 
selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port." A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 1 1 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 - col. 5, line 17). Hence, Bussiere teaches of the ingress device 15 
(i.e., Applicants' entry device) receiving packets (i.e., Applicants' data packet) 
that are being monitored through port 13 (e.g., "mirror-from-port") (i.e., 
Applicants' to be monitored) and transmitting them through "mirror-to-port" 14 to 
the egress device 18 (i.e., Applicants' remote mirrored device). Bussiere 
discloses, "In step 41, a port on a device in the network is selected to be 
monitored (i.e., a device is designated as an ingress device). Special hardware 
(and/or software) is set-up in the ingress device (e.g., 15), defining one port (e.g., 
port 13) as the "mirror-from-port" and one port (e.g., port 14) as "mirror-to-port". 
In step 42, frame encapsulation logic (e.g., 15) is set up in the ingress device 
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(e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a specific out-port of 
the ingress device (e.g., "mirror-to-port" 14) through the trunk devices (e.g., 16 
and 17) to the egress device (e.g., 18)" (Bussiere, col.6, lines 41-50). Hence, 
Bussiere teaches of the ingress device (e.g., "mirror-to-port" 14) (i.e., Applicants' 
entry device) is set up (i.e., Applicants' configured) with a path through the use of 
source and destination addresses (i.e., Applicants' destination IP address) so 
that data is forwarded to the egress device (i.e., Applicants' destination which 
mirror the data packet, remote exit device). 
• generating and adding an IP header to IP encapsulate the data packet wherein 
the IP header includes the destination IP address; and (Bussiere, col. 1 , line 5 - 
col. 10, line 65) 

Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col. 2, lines 27-46). Hence, Bussiere teaches of the 
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first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device. 
• forwarding the IP- encapsulated packet to an exit device associated with the 
destination IP address. (Bussiere, col.1 , line 5 - col. 10, line 65) 
Bussiere discloses, "According to a method embodiment, the invention 
comprises the steps of: selecting a first port of a first device from which to mirror 
packets; selecting a first port of a second device to which to mirror the packets; 
and mirroring the packets from the first port of the first device to the first port of 
the second device by encapsulating the packets and sending the encapsulated 
packets through the network to the second device. The first device encapsulates 
the packets, enabling them to be transmitted out the network to the second 
device; the second device de-encapsulates the encapsulated packets, and 
provides the same to an analyzer. The mirroring step may include establishing a 
connection path through a switched network from the first device to the second 
device and sending the encapsulated packets on the path. The step of 
encapsulating the packets may include adding a header which identifies the 
connection path" (Bussiere, col.2, lines 27-46). Hence, Bussiere teaches of the 
first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device and transmitting (i.e., Applicants' forwarding) them 
(i.e., Applicants' encapsulated packet) to the second device (i.e., Applicants' exit 
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device) through the network based on the destination address (i.e., Applicants' 
associated with the destination address). 
However, Bussiere does not explicitly disclose, 

• generating and adding an IP header to IP encapsulate the data packet wherein 
the IP header includes the destination IP address; and 

• forwarding the IP-encapsulated packet to an exit device associated with the 
destination IP address. 

Amara teaches, 

• generating and adding an IP header to IP encapsulate the data packet wherein 
the IP header includes the destination IP address: and (Amara, col. 1 , line 7 - 
col. 18, line 38) 

Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet The IP packet includes a header portion and a data portion" (Amara, 
col. 3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col.6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 



Application/Control Number: 10/723,041 Page 7 

Art Unit: 2145 

• forwarding the IP-encapsulated packet to an exit device associated with the 
destination (P address. (Amara, col.1 , line 7 - col. 18, line 38) 
Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet. The IP packet includes a header portion and a data portion" (Amara, 
col. 3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col.6, lines 43-45). Hence, Amara implies of IP 
encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Amara with the teachings of 
Bussiere "to send data between devices on the same network and between devices 
on different networks" (Amara, col.3, lines 31-32). Bussiere discloses, "As 
businesses have realized the economic advantages of sharing expensive computer 
resources, cabling systems (both physical and wireless) have proliferated to enable 
the sharing of such resources over a network. A local area network, or TAN', refers 
to an interconnected data network that is usually confined to a moderately-sized 
geographical area, such as a single office building or a campus area. Larger 
networks are often referred to as wide area networks or WANs 1 . Networks may be 
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formed using a variety of different interconnection elements, such as unshielded 
twisted pair cables, shielded twisted pair cables, coaxial cable, fiber optic cable, and 
wireless interconnection elements. The configuration of these cabling elements, and 
the interfaces for the communications medium, may follow one or more topologies 
such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13-28). Hence, Bussiere 
suggests of communicating between networks, providing motivation to combine with 
the teachings of Amara to send data packets between different networks via IP 
encapsulation. 

However, Bussiere and Amara do not explicitly disclose, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; 

Zhang teaches, 

• receiving by an entry device a data packet to be remotely mirrored from the first 
network layer 2 domain, wherein the entry device is pre-configured with a 
destination Internet Protocol (IP) address to which to mirror the data packet, and 
the destination IP address is associated with a remote exit device in the second 
network layer 2 domain; (Zhang, col.1, line 6 - col. 16, line 33) 

Zhang discloses, "Once the Layer 2 tunnel is setup and a necessary link is 
established, the LNS typically assigns an IP address to an authenticated client, 
and sends it to the network access device over the Layer 2 tunnel. The network 
access device receives the IP address and transfers it to the client (129)." 
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(Zhang, col.9, lines 20-24). Hence, Zhang teaches of communicating between 

networks through layer 2 encapsulation. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Zhang with the teachings of 
Bussiere and Amara "to send data between devices on the same network and 
between devices on different networks" (Amara, col.3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or 'WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. 



5. 



With regard to claims 5-7 and 19. Bussiere, Amara, and Zhang disclose, 

• further comprising: receiving the IP-encapsulated packet by the exit device; and 
removing the IP header to de-encapsulate the packet (Bussiere, col.1 , line 5 - 
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col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col. 1, line 6 - col. 16, 
line 33) 

Bussiere discloses, "The first device encapsulates the packets, enabling them to 
be transmitted out the network to the second device; the second device de- 
encapsulates the encapsulated packets, and provides the same to an analyzer. 
The mirroring step may include establishing a connection path through a 
switched network from the first device to the second device and sending the 
encapsulated packets on the path. The step of encapsulating the packets may 
including adding a header which identifies the connection path" (Bussiere, col. 2, 
lines 38-46). 

• wherein the remote mirroring preserves an original format of the data packet 
(Bussiere, col.1, line 5 -col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; 
Zhang, col.1, line 6 - col.16, line 33) 

• further comprising: pre-configuring the entry device to mirror data packets from at 
least one specified port of the entry device. (Bussiere, col.1 , line 5 - col. 10, line 
65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col.16, line 33) 

6. With regard to claims 10-14 and 21-25. Bussiere, Amara, and Zhang disclose, 

• further comprising: pre-configuring the entry device to mirror data packets which 
include IP addresses that matches at least one entry in an IP hash table. 
(Bussiere, col.1, line 5 - col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; 
Zhang, col. 1 , line 6 - col. 1 6, line 33) 

Bussiere discloses, TIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
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device is referred to as an ingress device 15 for so long as the device is being 
monitored, and can be any one of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent In FIG. 2, port 13 has been 
selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port. "A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 11 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 - col. 5, line 17). 

• further comprising: pre-configuring the entry device to mirror data packets which 
include an IP destination address that matches at least one specified subnet 
entry in a best matching prefix (BMP) table. (Bussiere, col.1 , line 5 - col. 10, line 
65; Amara, col.1, line 7 - col.18, line 38; Zhang, col.1, line 6 - col.16, line 33) 

• further comprising: pre-configuring the entry device to mirror data packets 
matching at least one access control list (ACL) entry. (Bussiere, col.1 , line 5 - 
col. 10, line 65; Amara, col.1, line 7 - col.18, line 38; Zhang, col.1, line 6 - col.16, 
line 33) 

• further comprising: configuring the entry device in a best effort mirroring mode to 
reduce head-of-line blocking. (Bussiere, col.1, line 5 - col. 10, line 65; Amara, 
col.1, line 7- col.18, line 38; Zhang, col.1, line 6 - col.16, line 33) 
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• further comprising: configuring the entry device in a lossless mirroring mode to 
assure completeness of mirrored traffic. (Bussiere, col.1, line 5 - col. 10, line 65; 
Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - col. 16, line 33) 



7. With regard to claims 17 and 28. Bussiere, Amara, and Zhang disclose, 

• further comprising: pre-configuring the entry device to mirror data packets which 
include IP addresses that matches at least one entry in an IP hash table. 
(Bussiere, col.1, line 5 - col.10, line 65; Amara, col.1, line 7 - col.18, line 38; 
Zhang, col.1, line 6 - col.1 6, line 33) 

Amara discloses, "The IPsec services can be applied in one of two modes, a 
"transport mode" or a "tunnel mode. " In the transport mode generally only the IP 
packet's data is encrypted. The IP packet is routed to the destination devices 
using a destination address (e.g., the IP destination address 72). In the transport 
mode the destination IP address and the source IP address may both be "visible" 
(i.e., not encrypted) to other devices on the network. As a consequence, another 
device may be able to monitor the number of packets sent between a source 
device and a destination device. However, since the data is encrypted, the 
device ordinarily will not be able to determine the contents of the data in the IP 
packets. Once the transport mode packet reaches its final destination, the 
destination device performs the IPsec processing. For example, the destination 
device may decrypt the data carried in the IP packet according to an agreed 
encryption method" (Amara, col.8, lines 50-65). 
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8. Claims 2-4. 8-9. and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bussiere (US006041042A), in view of Amara et al. (US006839338B1), in view of Zhang 
et al. (US006985935B1), and further in view of Liu et al. (US 200401 84408A1). 



9. With regard to claim 2 . Bussiere, Amara, and Zhang disclose, 
See claim 1 rejection as detailed above. 
However, Bussiere, Amara, and Zhang do not explicitly disclose, 

• further comprising: determining a media access control (MAC) address 
associated with the destination IP address; generating and adding a MAC header 
to the IP-encapsulated packet to form a MAC data frame, wherein the MAC 
header includes the MAC address in a destination field; and transmitting the 
MAC data frame to communicate the IP-encapsulated packet across the second 
network layer 2 domain to the remote exit device. 

Liu teaches, 

• further comprising: determining a media access control (MAC) address 
associated with the destination IP address; generating and adding a MAC header 
to the IP-encapsulated packet to form a MAC data frame, wherein the MAC 
header includes the MAC address in a destination field; and transmitting the 
MAC data frame to communicate the IP-encapsulated packet across the second 
network layer 2 domain to the remote exit device. (Liu, para. 1 -34) 

Liu discloses, "In another embodiment, a medium access control (MAC) 
encapsulated data packet for distribution over an Ethernet network is disclosed. 
The MAC encapsulated data packet includes a provider destination MAC 
address field; a provider source MAC address field; an Ethertype field; and 
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followed by a customer data packet In other words, the customer data packet 
encapsulates a provider header that includes the provider destination MAC 
address field, the provider source MAC address field, and the Ethertype field" 
(Liu, para. 11). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Liu with the teachings of 
Bussiere, Amara, and Zhang "to send data between devices on the same network 
and between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Brown discloses, "The 
resources required for one or more applications may lead one or more conferencing 
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participants to participate in a less resource-intensive manner" 1 (Brown, col.7, lines 
52-55). 

10. With regard to claims 3-4, 8-9. and 20, Bussiere, Amara, Zhang, and Liu disclose, 

• wherein determining the MAC address comprises: determining if a mapping of 
the destination IP address to the MAC address is stored in an address resolution 
protocol (ARP) cache; if so, then retrieving the MAC address from the ARP 
cache; and if not, then broadcasting an ARP request with the destination IP 
address and receiving an ARP reply with the MAC address. (Bussiere, col.1 , line 
5 -col. 10, line 65; Amara, col.1, line 7 - col. 18, line 38; Zhang, col.1, line 6 - 
col. 16, line 33; Liu, para. 1-34) 

• further comprising: pre-configuring the entry device to mirror data packets which 
include a VLAN tag with at least one specified VLAN identifier. (Bussiere, col.1 , 
line 5 -col. 10, line 65; Amara, col.1, line 7 - col.18, line 38; Zhang, col.1, line 6- 
col.16, line 33; Liu, para. 1-34) 

• further comprising: pre-configuring the entry device to mirror data packets which 
include MAC addresses that matches at least one entry in a MAC look-up table. 
(Bussiere, col.1, line 5 - col. 10, line 65; Amara, col.1, line 7- col.18, line 38; 
Zhang, col.1, line 6 - col. 16, line 33; Liu, para. 1-34) 

1 1 . Claims 15-16. 26-27. and 29 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bussiere (US006041042A), in view of Amara et al. (US006839338B1), in view of 
Zhang et al. (US006985935B1), and further in view of Brown (US007124166B2). 
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12. With regard to claims 15-16 and 26-27 . Bussiere, Amara, and Zhang disclose, 
See claims 1 and 18 rejection as detailed above. 
However, Bussiere, Amara, and Zhang do not explicitly disclose, 

• further comprising: truncating the data packet to reduce a size of the IP- 
encapsulated packet prior to forwarding thereof. 

• further comprising: compressing at least a portion of the data packet to reduce a 
size of the IP-encapsulated packet prior to forwarding thereof. 

Brown teaches, 

• further comprising: truncating the data packet to reduce a size of the IP- 
encapsulated packet prior to forwarding thereof (Brown, col.1, lines 8 - col. 18, 
line 23) 

Brown discloses, "Typically, video conferencing application 21 OA encodes and 
displays audio and video content Implementations of video conferencing 
application 21 OA use compression to reduce the bandwidth consumed by 
transmitting the stream of data units. For example, video conferencing protocols 
and techniques may reduce the resolution, detail, or frame rate to reduce the 
bandwidth consumed. In another example, the frame-to-frame differences may 
be encoded for transmission instead of encoding each frame. Similar techniques 
may be applied to the audio signal. For example, the sampling rate of the audio 
signal may be reduced or the signal may be compressed" (Brown, col. 7, lines 56- 
67). 

• further comprising: compressing at least a portion of the data packet to reduce a 
size of the IP-encapsulated packet prior to forwarding thereof (Brown, col.1, 
lines 8 -col. 18, line 23) 
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Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Brown with the teachings of 
Bussiere, Amara, and Zhang "to send data between devices on the same network 
and between devices on different networks" (Amara, col.3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1 , lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Brown discloses, "The 
resources required for one or more applications may lead one or more conferencing 
participants to participate in a less resource-intensive manner" (Brown, col.7, lines 
52-55). 



13. 



With regard to claim 29 . Bussiere discloses, 
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• an entry device configured to receive from the local network layer 2 domain a 
data packet to be remotely mirrored to a remote exit device in the remote 
network layer 2 domain; (Bussiere, col.1, line 5 -col. 10, line 65) 
Bussiere discloses, TIG. 2 illustrates, by way of example, part of a network 
system in which a source device is monitored by a remote analyzer. The source 
device is referred to as an ingress device 15 for so long as the device is being 
monitored, and can be any one of the network communication devices (e.g., 
devices 1-4, 6 and 9 in FIG. 1). Ingress device 15 may have multiple ports 
through which packets may be received and sent. In FIG. 2, port 13 has been 
selected as the port to be monitored. Thus, in this example, device 15 is the 
ingress device and port 13 is the "mirror-from-port." A "mirror-to-port" 14 is the 
out port on ingress device 15 that is on a path 12 set up through the connection- 
oriented network 10 to the egress device 18. All packets received and sent by the 
port 13 are also copied and transmitted through the network 10 to analyzer 5, 
located off analyzer port 11 of egress device 18. The "egress device" is the 
device on the network that is used to monitor the mirror-from-port 13 on the 
ingress device 15. Any device may be selected as the egress device" (Bussiere, 
col.4, line 66 - col. 5, line 17). Hence, Bussiere teaches of the ingress device 15 
(i.e., Applicants' entry device) receiving packets (i.e., Applicants' data packet) 
that are being monitored through port 13 (e.g., "mirror-from-port") (i.e., 
Applicants' to be monitored) and transmitting them through "mirror-to-port" 14 to 
the egress device 18 (i.e., Applicants' remote mirrored device). Bussiere 
discloses, "In step 41, a port on a device in the network is selected to be 
monitored (i.e., a device is designated as an ingress device). Special hardware 
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(and/or software) is set-up in the ingress device (e.g., 15), defining one port (e.g., 
port 13) as the "mirror-from-port" and one port (e.g., port 14) as "mirror-to-port". 
In step 42, frame encapsulation logic (e.g., 15') is set up in the ingress device 
(e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a specific out-port of 
the ingress device (e.g., "mirror-to-port" 14) through the trunk devices (e.g., 16 
and 17) to the egress device (e.g., 18)" (Bussiere, col. 6, lines 41-50). Hence, 
Bussiere teaches of the ingress device (e.g., "mirror-to-port" 14) (i.e., Applicants' 
entry device) is set up (i.e., Applicants' configured) with a path through the use of 
source and destination addresses (i.e., Applicants' destination IP address) so 
that data is forwarded to the egress device (i.e., Applicants' destination which 
mirror the data packet, remote exit device). 
• a configuration file in the entry device, where the configuration file stores a 
destination Internet Protocol (IP) address to which to mirror the data packet; 
(Bussiere, col.1, line 5 -col. 10, line 65) 

Bussiere discloses, "In step 41, a port on a device in the network is selected to 
be monitored (i.e., a device is designated as an ingress device). Special 
hardware (and/or software) is set-up in the ingress device (e.g., 15), defining one 
port (e.g., port 13) as the "mirror-from-port" and one port (e.g., port 14) as 
"mirror-to-port". In step 42, frame encapsulation logic (e.g., 15') is set up in the 
ingress device (e.g., 15). In step 43, a path, (e.g., path 12), is set-up from a 
specific out-port of the ingress device (e.g., "mirror-to-port" 14) through the trunk 
devices (e.g., 16 and 17) to the egress device (e.g., 7 8J" (Bussiere, col.6, lines 
41-50). Hence, Bussiere teaches of the ingress device (e.g., "mirror-to-port" 14) 
(i.e., Applicants' entry device) is set up (i.e., Applicants' configured) with a path 
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through the use of source and destination addresses (i.e., Applicants' destination 
IP address) so that data is forwarded to the egress device (i.e., Applicants' 
destination which mirror the data packet, remote exit device). 
• a remote mirroring engine for generating and adding an IP header to IP 

encapsulate the data packet wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
header, and for having the IP- encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. (Bussiere, col. 1 , line 5 - 
col. 10, line 65) 

Bussiere discloses, "According to a method embodiment, the invention 

comprises the steps of: selecting a first port of a first device from which to mirror 

packets; selecting a first port of a second device to which to mirror the packets; 

and mirroring the packets from the first port of the first device to the first port of 

the second device by encapsulating the packets and sending the encapsulated 

packets through the network to the second device. The first device encapsulates 

the packets, enabling them to be transmitted out the network to the second 

device; the second device de-encapsulates the encapsulated packets, and 

provides the same to an analyzer. The mirroring step may include establishing a 

connection path through a switched network from the first device to the second 

device and sending the encapsulated packets on the path. The step of 

encapsulating the packets may include adding a header which identifies the 

connection path" (Bussiere, col.2, lines 27-46). Hence, Bussiere teaches of the 

« 

first device (i.e., Applicants' entry device) encapsulating the packets (i.e., 
Applicants' data packet) by including (i.e., Applicants' adding) headers identifying 
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(i.e., Applicants' includes) the address of the destination (i.e., Applicants' 
destination address) device. 
However, Bussiere does not explicitly disclose, 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
heade r, and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. 

Amara teaches, 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
heade r, and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. (Amara, col.1, line 7 - 
col. 18, line 38) 

Amara discloses, "IP can be used to send data between devices on the same 
network and between devices on different networks. For IP communications, a 
device is generally assigned a 32-bit IP address. The IP address is generally 
globally unique across the connected networks, and this allows the destination 
device to be uniquely identified by its IP address. Data is transmitted in an IP 
packet The IP packet includes a header portion and a data portion" (Amara, 
col.3, lines 31-38). Amara discloses, "The virtual tunnel 126 can be created by 
encapsulating a data packet inside another data packet and by adding additional 
tunnel packet headers" (Amara, col. 6, lines 43-45). Hence, Amara implies of IP 
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encapsulating data packets using IP headers and transmitting them to the 
destination based on the destination IP address of the IP header through devices 
on different networks. 

I Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Amara with the teachings of 
Bussiere "to send data between devices on the same network and between devices 
on different networks" (Amara, col.3, lines 31-32). Bussiere discloses, "As 
businesses have realized the economic advantages of sharing expensive computer 
resources, cabling systems (both physical and wireless) have proliferated to enable 
the sharing of such resources over a network. A local area network, or 'LAN', refers 
to an interconnected data network that is usually confined to a moderately-sized 
geographical area, such as a single office building or a campus area. Larger 
networks are often referred to as wide area networks or WANs'. Networks may be 
formed using a variety of different interconnection elements, such as unshielded 
twisted pair cables, shielded twisted pair cables, coaxial cable, fiber optic cable, and 
wireless interconnection elements. The configuration of these cabling elements, and 
the interfaces for the communications medium, may follow one or more topologies 
such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13-28). Hence, Bussiere 
suggests of communicating between networks, providing motivation to combine with 
the teachings of Amara to send data packets between different networks via IP 
encapsulation. 

However, Bussiere and Amara do not explicitly disclose, 
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• an entry device configured to receive from the local network layer 2 domain a 
data packet to be remotely mirrored to a remote exit device in the remote 
network layer 2 domain; 

Zhang teaches, 

• an entry device configured to receive from the local network layer 2 domain a 
data packet to be remotely mirrored to a remote exit device in the remote 
network layer 2 domain; (Zhang, col.1 , line 6 -col. 16, line 33) 

Zhang discloses, "Once the Layer 2 tunnel is setup and a necessary link is 
established, the LNS typically assigns an IP address to an authenticated client, 
and sends it to the network access device over the Layer 2 tunnei The network 
access device receives the IP address and transfers it to the client (129)." 
(Zhang, col. 9, lines 20-24). Hence, Zhang teaches of communicating between 
networks through layer 2 encapsulation. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Zhang with the teachings of 
Bussiere and Amara "to send data between devices on the same network and 
between devices on different networks" (Amara, col. 3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
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as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. 
However, Bussiere, Amara, and Zhang do not explicitly disclose, 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet, wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
header and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. 

Brown teaches, 

• a remote mirroring engine for generating and adding an IP header to IP 
encapsulate the data packet, wherein the IP header includes the destination IP 
address, for reducing size of the data packet to accommodate the added IP 
header and for having the IP-encapsulated packet forwarded towards a remote 
exit device associated with the destination IP address. (Brown, col.1, lines 8 - 
col.1 8, line 23) 

Brown discloses, "Typically, video conferencing application 21 OA encodes and 
displays audio and video content. Implementations of video conferencing 
application 21 OA use compression to reduce the bandwidth consumed by 
transmitting the stream of data units. For example, video conferencing protocols 
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and techniques may reduce the resolution, detail, or frame rate to reduce the 
bandwidth consumed. In another example, the frame-to-frame differences may 
be encoded for transmission instead of encoding each frame. Similar techniques 
may be applied to the audio signal. For example, the sampling rate of the audio 
signal may be reduced or the signal may be compressed" (Brown, col. 7, lines 56- 
67). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Brown with the teachings of 
Bussiere, Amara, and Zhang "to send data between devices on the same network 
and between devices on different networks" (Amara, col.3, lines 31-32). Bussiere 
discloses, "As businesses have realized the economic advantages of sharing 
expensive computer resources, cabling systems (both physical and wireless) have 
proliferated to enable the sharing of such resources over a network. A local area 
network, or 'LAN', refers to an interconnected data network that is usually confined to 
a moderately-sized geographical area, such as a single office building or a campus 
area. Larger networks are often referred to as wide area networks or WANs'. 
Networks may be formed using a variety of different interconnection elements, such 
as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber 
optic cable, and wireless interconnection elements. The configuration of these 
cabling elements, and the interfaces for the communications medium, may follow 
one or more topologies such as a star, ring, bus or mesh" (Bussiere, col.1, lines 13- 
28). Hence, Bussiere suggests of communicating between networks, providing 
motivation to combine with the teachings of Amara to send data packets between 
different networks via layer 2 IP encapsulation. In addition, Brown discloses, "The 



Application/Control Number: 10/723,041 Page 26 

Art Unit: 2145 

resources required for one or more applications may lead one or more conferencing 
participants to participate in a less resource-intensive manner" (Brown, col.7, lines 
52-55). 



Response to Arguments 

14. Applicant's arguments with respect to claims 1-29 have been considered but are moot in 
view of the new ground(s) of rejection. 



Conclusion 

15. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 . 1 36(a). A 
shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed 
until after the end of the THREE-MONTH shortened statutory period, then the shortened 
statutory period will expire on the date the advisory action is mailed, and any extension 
fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory 
action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 



16. 



Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Thomas Duong whose telephone number is 571/272-391 1. The 
examiner can normally be reached on M-F 7:30AM - 4:00PM. If attempts to reach the 
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examiner by telephone are unsuccessful, the examiner's supervisor, Jason D. Cardone 
can be reached on 571/272-3933. The fax phone numbers for the organization where 
this application or proceeding is assigned are 571/273-8300 for regular communications 
and 571/273-8300 for After Final communications. ^/ 



Thomas Duong (AU2145) 
October 25, 2007 



